Articles
Whats New?
Database
General Interest
Industry
Performance
Reporting
Security
Upgrades
Kick the Dog
Subscribers Logon
email:
password:
Subscribe | Authors | FAQ
Activate Digital Subscription

Connected! Our Newsletter
Add to Google Reader or Homepage
Bypassing the Sign-On Page
No SSL? No problem. Save your users time by skipping the Sign-On

Posted on 2/1/2007 (originally published in print on 3/1/2004)

by Shannon Whitley

After attending PeopleSoft Connect and seeing the single sign-on demos, my end users decided that they wanted to bypass the sign-on page in PeopleSoft. It was a big step for them. We had discussed this option over the past year, but there were still two major security concerns: a small number of managers share their passwords with their assistants, and many people walk away from their desks leaving their PCs unlocked and vulnerable to tampering.

To allay the security concerns, a stipulation was made that individual users could disable the bypass-sign-on functionality. With this requirement in mind and after careful consideration, a decision was made to push ahead with the project to bypass the sign-on page. Of course, there was the added "and, by-the-way, we need this in a few weeks for open enrollment." So I had a challenge ahead of me. This project had to support three authentication schemes: 1) PeopleSoft passwords via the sign-on page, 2) LDAP passwords via the sign-on page or 3) bypass the sign-on page altogether. Furthermore, any one of these options can be enabled or disabled by the user through the PeopleSoft personalizations page.

Part of the purpose of this article is to walk you through the steps that I took to develop a portion of the overall solution. I do not intend to discuss PeopleSoft passwords or LDAP, since this has been addressed in other articles. Instead, I will focus on bypassing the sign-on page and web authentication. It should be noted that, in my organization, we use the same user id for network logins and PeopleSoft. If your organization has chosen to use a different user id for PeopleSoft, you will need to develop a way to lookup your PeopleSoft user id using the network user id.

This project turned out to be difficult. The resulting code was not difficult to write, but the research was painful because there are no examples out there. My company is not using SSL, which means that PeopleSoft's sample Sign-on PeopleCode couldn't be used. Quite honestly, I would have rather used WebLogic to perform the authentication using a call to Java, but I ran out of time and had to fall back on Microsoft's Internet Information Server (IIS). I knew that my approach would work, but I also knew that it could be better. Feel free to experiment and let me know if you have a better way. Better yet, write an article for VP1 so that we can all benefit from your knowledge.

To continue reading this article you must have a current VP1 Subscription.
Already a Subscriber?

email:
password:
Become a VP1 Subscriber

or

Activate your Digital Subscription

© Copyright 2007 VP1 - All other trademarks are the property of their respective owners.